Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03bXFnLTVmZ2gteGg0cs4AAhQM

MediaWiki Incorrect Access Control vulnerability

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Permalink: https://github.com/advisories/GHSA-7mqg-5fgh-xh4r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03bXFnLTVmZ2gteGg0cs4AAhQM
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 7 months ago


CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Percentage: 0.00088
EPSS Percentile: 0.39329

Identifiers: GHSA-7mqg-5fgh-xh4r, CVE-2019-12472
References: Blast Radius: 7.5

Affected Packages

packagist:mediawiki/core
Dependent packages: 4
Dependent repositories: 10
Downloads: 3,045 total
Affected Version Ranges: >= 1.32.0, < 1.32.2, >= 1.31.0, < 1.31.2, >= 1.30.0, < 1.30.2, >= 1.18.0, < 1.27.6
Fixed in: 1.32.2, 1.31.2, 1.30.2, 1.27.6
All affected versions: 1.20.3, 1.20.4, 1.20.5, 1.20.6, 1.20.7, 1.20.8, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.21.5, 1.21.6, 1.21.7, 1.21.8, 1.21.9, 1.21.10, 1.21.11, 1.24.0, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.24.5, 1.24.6, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.25.6, 1.26.0, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.27.4, 1.27.5, 1.30.0, 1.30.1, 1.31.0, 1.31.1, 1.32.0, 1.32.1
All unaffected versions: 1.27.6, 1.27.7, 1.28.0, 1.28.1, 1.28.2, 1.28.3, 1.29.0, 1.29.1, 1.29.2, 1.29.3, 1.30.2, 1.31.2, 1.31.3, 1.31.4, 1.31.5, 1.31.6, 1.31.7, 1.31.8, 1.31.9, 1.31.10, 1.31.11, 1.31.12, 1.31.13, 1.31.14, 1.31.15, 1.31.16, 1.32.2, 1.32.3, 1.32.4, 1.32.5, 1.32.6, 1.33.0, 1.33.1, 1.33.2, 1.33.3, 1.33.4, 1.34.0, 1.34.1, 1.34.2, 1.34.3, 1.34.4, 1.35.0, 1.35.1, 1.35.2, 1.35.3, 1.35.4, 1.35.5, 1.35.6, 1.35.7, 1.35.8, 1.35.9, 1.35.10, 1.35.11, 1.35.12, 1.35.13, 1.35.14, 1.36.0, 1.36.1, 1.36.2, 1.36.3, 1.36.4, 1.37.0, 1.37.1, 1.37.2, 1.37.3, 1.37.4, 1.37.5, 1.37.6, 1.38.0, 1.38.1, 1.38.2, 1.38.3, 1.38.4, 1.38.5, 1.38.6, 1.38.7, 1.39.0, 1.39.1, 1.39.2, 1.39.3, 1.39.4, 1.39.5, 1.39.6, 1.39.7, 1.39.8, 1.39.9, 1.39.10, 1.40.0, 1.40.1, 1.40.2, 1.40.3, 1.40.4, 1.41.0, 1.41.1, 1.41.2, 1.41.3, 1.41.4, 1.42.0, 1.42.1, 1.42.2, 1.42.3